Installing and Administering PPP

Chapter 5: Security Techniques
Building a Stanza - Specifics
#    Name               Description
9    (see Note 2)       Communication with the destination network is
                        administratively prohibited. This code was intended
                        for use by end-to-end encryption devices used by
                        U.S. military agencies. Routers should use the newly
                        defined Code 13 (Communication Administratively
                        Prohibited) if they administratively filter packets.
10   (see Note 2)       Communication with the destination host is
                        administratively prohibited. Same reasoning as
                        message 9 above.
11   net-tos            Destination network unreachable for the designated
                        type of service.
12   host-tos           Destination host unreachable for the designated type
                        of service.
13   prohibited         Communication Administratively Prohibited.
14   precedence         Host Precedence Violation.
15   precedence-cutoff  Precedence cutoff in effect.
     rst                This is a special keyword which will not send an
                        ICMP Destination Unreachable message but instead a
                        TCP RST packet.

Note 1: RFC 1812 deprecates the use of messages 8 through 10 so their
mnemonic codes have been removed. They can still be used by specifying
them numerically.
Note 2: The uses of ICMP Destination Unreachable messages have
grown. The list of message codes and their meanings is spread across a
number of RFCs. ICMP Destination Unreachable messages are covered
in RFC 792, RFC 1122, and RFC 1812.

Log and Trace Keywords
Use the keywords ‘log’ and ‘trace’ to log actions taken by the packet filter
or dump the contents of the matching packet (in hex) to the system log.
Example 1:
    frag/trace    # block and dump the contents of any IP fragment received
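When testing a filter rule, it helps to confirm which Destination Unreachable code actually came back and which packet it refers to. The following Python decoder is an added example, not part of the original manual: it validates an ICMP type 3 message and reports the code using the mnemonics from the table above. The function names and the sample addresses are constructed for illustration, and codes without a mnemonic on this page are reported numerically.

```python
import ipaddress
import struct

# Mnemonics for codes 11-15 as listed in the table; 9 and 10 have none (Note 1).
UNREACH_NAMES = {11: "net-tos", 12: "host-tos", 13: "prohibited",
                 14: "precedence", 15: "precedence-cutoff"}

def inet_checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071): one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def decode_unreachable(icmp: bytes) -> dict:
    """Decode an ICMP Destination Unreachable message and its quoted IP header."""
    if len(icmp) < 28:
        raise ValueError("too short for ICMP header plus quoted IP header")
    if icmp[0] != 3:
        raise ValueError(f"not Destination Unreachable (type {icmp[0]})")
    if inet_checksum(icmp) != 0:       # a valid message sums to zero
        raise ValueError("bad ICMP checksum")
    quoted = icmp[8:]                  # IP header of the packet that was rejected
    ihl = (quoted[0] & 0x0F) * 4
    if quoted[0] >> 4 != 4 or ihl < 20 or len(quoted) < ihl:
        raise ValueError("quoted packet is not a valid IPv4 header")
    code = icmp[1]
    return {"code": code,
            "name": UNREACH_NAMES.get(code, str(code)),
            "protocol": quoted[9],
            "src": str(ipaddress.IPv4Address(quoted[12:16])),
            "dst": str(ipaddress.IPv4Address(quoted[16:20]))}

def build_sample(code: int) -> bytes:
    """Constructed sample: rejection of a TCP packet 192.0.2.10 -> 198.51.100.7."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address("192.0.2.10").packed,
                     ipaddress.IPv4Address("198.51.100.7").packed)
    body = ip + struct.pack("!HHI", 40000, 23, 0)   # first 8 bytes of TCP header
    csum = inet_checksum(struct.pack("!BBHI", 3, code, 0, 0) + body)
    return struct.pack("!BBHI", 3, code, csum, 0) + body

if __name__ == "__main__":
    for code in (9, 13, 15):
        print(decode_unreachable(build_sample(code)))
```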